3416 matches found
APICheck - The DevSecOps Toolset For REST APIs
APICheck is a complete toolset designed and created for testing REST APIs. Why APICheck APICheck focuses not only in the security testing and hacking use cases. The goal of the project is to become a complete toolset for DevSecOps cycles. The tools are aimed to diverse users profiles: Developers...
The Legal Risks of Security Research
Sunoo Park and Kendra Albert have published "A Researcher’s Guide to Some Legal Risks of Security Research." From a summary: Such risk extends beyond anti-hacking laws, implicating copyright law and anti-circumvention provisions DMCA §1201, electronic privacy law ECPA, and cryptography export...
bettercap-proxy-modules
This is a collection of HTTP proxy modules for the BetterCap framework, a tool for performing network attacks and penetration testing. The modules are designed to be used with the BetterCap proxy server, which can be configured to intercept and modify HTTP traffic between a client and a server. T...
anniehackingrealtor.com Cross Site Scripting vulnerability OBB-1444489
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Researcher: I Hacked Trump’s Twitter by Guessing Password
Dutch ethical hacker Victor Gevers claims it only took five attempts to guess the password to President Donald Trump’s Twitter account — “maga2020!”. That’s all he needed to hijack the @realdonaldtrump handle, according a report from Dutch newspaper de Volksrant, because it lacked even the most...
NSA Advisory on Chinese Government Hacking
The NSA released an advisory listing the top twenty-five known vulnerabilities currently being exploited by Chinese nation-state attackers. This advisory provides Common Vulnerabilities and Exposures CVEs known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to...
ctf
This repository contains a writeup for the CSAW CTF 2015. The writeup includes descriptions of various challenges, including web, exploit, crypto, reversing, and forensics challenges. The writeup is organized into sections, with each section describing a specific challenge. The challenges include...
Exploit for CVE-2020-2883
CVE-2020-2883 re write of...
What Programming Languages Do Ethical Hackers Use?
By Owais Sultan Ethical hacking is when hacking is done for good reasons - The people behind ethical hacking are ethical hackers or white hat hackers. This is a post from HackRead.com Read the original post: What Programming Languages Do Ethical Hackers Use?...
Promising Infusions of Cash, Fake Investor John Bernard Walked Away With $30M
September featured two stories on a phony tech investor named John Bernard, a pseudonym used by a convicted thief named John Clifton Davies whos fleeced dozens of technology companies out of an estimated $30 million with the promise of lucrative investments. Those stories prompted a flood of tips...
New 'MosaicRegressor' UEFI Bootkit Malware Found Active in the Wild
Cybersecurity researchers have spotted a rare kind of potentially dangerous malware that targets a machine's booting process to drop persistent malware. The campaign involved the use of a compromised UEFI or Unified Extensible Firmware Interface containing a malicious implant, making it the secon...
QR Codes: A Sneaky Security Threat
If it seems like QR codes have popped up everywhere these days, you’re right. Ever since they were first used by the Japanese auto industry to streamline manufacturing processes, companies everywhere have capitalized on the benefits of QR codes. They’re cheap to deploy and can be applied to almos...
Dropbox, Linkedin hacker sentenced to 7 years in prison
By Deeba Ahmed Yevgeniy Nikulin aka Linkedin hacker, a Russian national was found guilty of hacking into LinkedIn, Dropbox, and Formspring. This is a post from HackRead.com Read the original post: Dropbox, Linkedin hacker sentenced to 7 years in prison...
When Coffee Machines Demand Ransom, You Know IoT Is Screwed
A researcher reverse engineered an internet-connected coffee maker to see what kinds of hacks he could do with it. The answer: quite a lot...
Beware: New Android Spyware Found Posing as Telegram and Threema Apps
A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to the versions documented in 2017,...
Russian Who Hacked LinkedIn, Dropbox Sentenced to 7 Years in Prison
A Russian hacker who was found guilty of hacking LinkedIn, Dropbox, and Formspring over eight years ago has finally been sentenced to 88 months in United States prison, that's more than seven years by a federal court in San Francisco this week. Yevgeniy Aleksandrovich Nikulin , 32, of Moscow hack...
Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks
Cisco yesterday released security patches for two high-severity vulnerabilities affecting its IOS XR software that were found exploited in the wild a month ago. Tracked as CVE-2020-3566 and CVE-2020-3569, details for both zero-day unauthenticated DoS vulnerabilities were made public by Cisco late...
13-year-old student arrested for hacking school computers
By Deeba Ahmed The student faces a felony charge for allegedly hacking an Indiana school district's computer system. This is a post from HackRead.com Read the original post: 13-year-old student arrested for hacking school computers...
sindaport.com.br Cross Site Scripting vulnerability OBB-1371203
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Lock and Code S1Ep16: Investigating digital vulnerabilities with Samy Kamkar
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Samy Kamkar, chief security officer and co-founder of Open Path, about the digital vulnerabilities in our physical world. If you look through a recent...